ADFS2.0 SAMLRequest不接受该请求
ADFS2.0 SAMLRequest不接受该请求
提问于 2021-09-06 16:54:35
这是我的服务提供程序元数据,这是我的服务提供程序元数据
<?xml version="1.0"?>
<md:EntityDescriptor entityID="https://localhost:5200" validUntil="2022-08-30T19:10:29Z"
xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi"
xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"
xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui"
xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<!-- insert ds:Signature element (omitted) -->
<md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:KeyDescriptor use="encryption">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>MIID2TCCAsGgAwIBAgIUIAXntTTcs4IGVz8v8KpHAz46QfMwDQYJKoZIhvcNAQEL
BQAwfDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMRQwEgYDVQQHDAtZb3JiYSBM
aW5kYTEWMBQGA1UECgwNTWluZExvZ2ljIElOQzEYMBYGA1UECwwPKi5taW5kbG9n
aWMuYXBwMRgwFgYDVQQDDA8qLm1pbmRsb2dpYy5hcHAwHhcNMjEwODE3MTEyMDEw
bvDj7E3wzI80gp7uU3KqU3UNswzsgcwSkwRTGS9sKkNnS62efQXKHRtR7fBwbOqU
Y9bSXiTiSbd9zOvdVd+gGAqOqOB1o+jB55AvjtkzXhaoyBaQM1vStP7OCw0yFhNf
fOKTM7EdAzTXoV4hJtUo0CMcUTFMP8PBnMHWQ5A6jZ8iBCXStcQ5Y71YhPUxa6dh
I7rPk/j8+/qKbKyAhOSRvCiQY5xbAY12rW07WJ1JcWk7jvT7Kx4pll5Mh1G3lOcC
AwEAAaNTMFEwHQYDVR0OBBYEFN2ugfhPaQ2Gyj/5aedoNN1eriDDMB8GA1UdIwQY
MBaAFN2ugfhPaQ2Gyj/5aedoNN1eriDDMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI
hvcNAQELBQADggEBAAqn3aU/U7PA59yjHLjFb8LzMMoAS+b9Fu0d9JNym9K1ugzf
dq/SgBS7MVrhz2bE/n3VQfnv+tjSLqQNwhyHmFy36Z43Q/BYrbofL6RSSrnozFz6
uUYkuFFeCd857OyKOxKv33wD6EE6rNZqI7wEmKov2U7RNToxHD5NmeH0lTBHmBTH
UWp/yLQkTlMZYUDfOCBxlF2+bGS1hzdXPOELN3RZNRk9M61NHyISfE7VpqIlI1Ro
x4DUK89TKDG/mLl985h+sTuPMmIMpl1ozXrJWhKucoqjSfMTh/MLQTQS1lHmeAFH
npro/M9yy1Uwrz4K93nju5kNLLZL7NRzddjHOYs=</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
<md:AssertionConsumerService index="0" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://localhost:5200/map"/>
<md:AttributeConsumingService index="0">
<md:ServiceName xml:lang="en">Example.com Employee Portal</md:ServiceName>
<md:RequestedAttribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="E-Mail Address"/>
<md:RequestedAttribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Name"/>
</md:AttributeConsumingService>
</md:SPSSODescriptor>
<md:Organization>
<md:OrganizationName xml:lang="en">Localtest.com Inc.</md:OrganizationName>
<md:OrganizationDisplayName xml:lang="en">Localtest.com</md:OrganizationDisplayName>
<md:OrganizationURL xml:lang="en">https://localhos:5200/</md:OrganizationURL>
</md:Organization>
</md:EntityDescriptor>这是我的服务提供商计划请求
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="id-16f33a7e-4381-4d40-9fdd-1949dd679e86" Version="2.0" IssueInstant="2021-09-09T07:58:45Z " Destination="https://saml.mlads.mindlogic.app/adfs/ls/" Consent="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"> <Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">https://localhost:5200</Issuer> <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/> <samlp:RequestedAuthnContext> <samlp:AuthnContextClassRef xmlns:samlp="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:Password</samlp:AuthnContextClassRef> </samlp:RequestedAuthnContext> </samlp:AuthnRequest>我压缩并编码了base64,但是我的adfs服务器抛出了错误。
压缩数据
nZJtS8MwEMe/Ssj7NunWPTR0g7EhDFTGFF/4LiSpC+Sh5lKc39600zGQDRECgf/l/ve7u9TArWnZqosHt1fvnYKIjtY4YENggbvgmOeggTluFbAo2NPq4Z6Ncsra4KMX3mC03SywllkxbcZjPlNZOZ4XWSlLmlWNTHpVVlJOZ5WaTzF6UQG0dwucPFIqQKe2DiJ3MUl0VGS0SueZzthkzsrJK8Jok7i043FIO8TYAiOkJ8yt4RJyq500/k2LnLct4bIBYoBgtPYOVO97rY0iLwYlwTc+WB6ZslyblZRBAeAlqge+cBrK7XFwABV6RLz8QTRecHPwENlkRGlNTmbJ9TT2x+Sx3ey80eIT3Q31/41Kzq7fe1Ry2GoaQVTHeI5eimuTmPeq+fvKL3q8+Uww0XsneZeuDx9kTa7XT3DkNjv5/U+XXw==
错误详细信息:解码时发现无效数据。
ADFS错误日志
联盟被动请求期间遇到错误。
附加数据协议名称:信任方:
Exception details:
System.IO.InvalidDataException: Found invalid data while decoding.
at System.IO.Compression.Inflater.DecodeDynamicBlockHeader()
at System.IO.Compression.Inflater.Decode()
at System.IO.Compression.Inflater.Inflate(Byte[] bytes, Int32 offset, Int32 length)
at System.IO.Compression.DeflateStream.Read(Byte[] array, Int32 offset, Int32 count)
at Microsoft.IdentityModel.Web.DeflateCookieTransform.Decode(Byte[] encoded)
at Microsoft.IdentityServer.Protocols.Saml.HttpSamlBindingSerializer.DecodeMessageInternal(String message)
at Microsoft.IdentityServer.Protocols.Saml.HttpSamlBindingSerializer.ReadProtocolMessage(String encodedSamlMessage)
at Microsoft.IdentityServer.Protocols.Saml.HttpSamlBindingSerializer.CreateFromNameValueCollection(Uri baseUrl, NameValueCollection collection)
at Microsoft.IdentityServer.Protocols.Saml.HttpRedirectSamlBindingSerializer.ReadMessage(Uri requestUrl, NameValueCollection form)
at Microsoft.IdentityServer.Web.Protocols.Saml.HttpSamlMessageFactory.CreateMessage(WrappedHttpListenerRequest httpRequest)
at Microsoft.IdentityServer.Web.Protocols.Saml.SamlContextFactory.CreateProtocolContextFromRequest(WrappedHttpListenerRequest request, ProtocolContext& protocolContext)
at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.CreateProtocolContext(WrappedHttpListenerRequest request)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.GetProtocolHandler(WrappedHttpListenerRequest request, ProtocolContext& protocolContext, PassiveProtocolHandler& protocolHandler)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)`回答 1
Stack Overflow用户
发布于 2021-09-23 03:02:33
我忘记了编码url,在我编码url之后,请求应该是=urlencode(base64encode( works.so ))
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/69078019
复制相关文章
相似问题
腾讯云开发者
